Operations

Observe it. Tune it. Prove it held.

A security gate is only as good as your ability to run it. Runelm ships the operational surface a regulated team needs on day one — a dashboard, safe rule-tuning, rate limiting, tamper-evident audit, metrics, and a hardened container.

Built to run in production

A gate you can watch, tune, and prove.

Classification is the easy half. Operating it — seeing what was blocked, tuning rules without leaking, proving the log was not tampered with — is the half that ships here too.

  • Observability dashboard

    A read-only web console on the same port: live audit feed, classification distribution, active sessions, and the running config with secrets redacted. No extra stack to deploy.

  • Audited config editing

    Edit the keyword blocklist, custom regex patterns, and per-caller overrides from the console. Every mutation writes an audit row before it takes effect.

  • Dry-run corpus replay

    Replay up to 100 real prompts through POST /v1/dryrun or the CLI to tune rules safely — per-prompt levels and entity counts, zero upstream calls, no stored prompt text.

  • Rate limiting + anomaly watch

    Per-caller sliding-window limits — refused-to-disable in production — plus a classification-distribution-shift signal surfaced on every response via X-Runelm-Anomaly.

  • HMAC key rotation

    Rotate the audit secret across epochs with runelm audit rotate-hmac-secret. The tamper-evident hash chain stays verifiable end-to-end through the re-key.

  • Prometheus metrics + alerts

    Scrape /metrics for classification, routing, block, and latency series. Ships with a documented alert ruleset for the signals that actually matter.

Pluggable audit backends

Pick where the hashed audit trail lands — and compose wrappers for durability and throughput. Prompt text is never written; only the HMAC, the decision, and the metadata.

memory
ephemeral — development only
sqlite
single-node durable store
hash_chain_file
tamper-evident, HMAC hash-chained
loki
ship to Grafana Loki with retention
s3_object_lock
write-once, compliance-grade retention
composite
fan out to several, durable fallback
batching
wrapper — buffer writes for throughput
retry
wrapper — survive a transient outage

The hash-chained and S3-Object-Lock backends are tamper-evident: runelm audit verify walks the chain from genesis and reports the first divergence. Every read of the audit log is itself audited — audit-on-audit.

Operate from the terminal

Everything in the dashboard is also a command. Operators who prefer the terminal never need the UI.

  • $ runelm audit tail --follow # live, hashed audit feed
  • $ runelm audit verify # walk the tamper-evident chain
  • $ runelm audit rotate-hmac-secret # re-key without losing the chain
  • $ runelm dryrun --corpus=traffic.jsonl # replay a corpus, no upstream calls
  • $ runelm override set --principal=fin-bot --min-level=HIGH --expires=30d
  • $ runelm engagement close acme-q3 --reason=engagement-ended
  • $ runelm vacuum # sweep expired substitution maps

Hardened by default

The Helm chart and container ship locked down — fail-closed posture extends to the runtime, not just the classifier. Scrape /metrics, point it at your secret store, and deploy.

  • Runs as a non-root user
  • Read-only root filesystem
  • All Linux capabilities dropped
  • seccomp: RuntimeDefault